Conversation

Notices

1. Embed this notice
   Mauricio Teixeira 🇧🇷🇺🇲 (badnetmask@hachyderm.io)'s status on Wednesday, 20-Nov-2024 21:45:41 JST Mauricio Teixeira 🇧🇷🇺🇲

   in reply to

   • Merry Jerry 🎄🎅🕎⛄️❄️

   @jerry
   In this day and age, I don't understand what's going on in the head of anyone who would think 2FA is a pain.

   • Embed this notice
     Merry Jerry 🎄🎅🕎⛄️❄️ (jerry@infosec.exchange)'s status on Wednesday, 20-Nov-2024 21:45:42 JST Merry Jerry 🎄🎅🕎⛄️❄️

     I’ve been getting a number of phishing emails purporting to be from Hetzner saying my payment into needs to be updated. It’s interesting excuse they targeting email addresses that are plausibly associated with my various fediverse service domains. The from addresses are nonsensical, and the link to login Hetzner are easy give away that it’s a scam.

     Anyhow, please be on alert if you use Hetzner. I am guessing the play here is to steal your Hetzner login credentials, and (probably) payment information. Hetzner does have an alert in their portal about phishing attacks purporting to be from them so I think they are aware, though I found the targeting to be a bit novel.

     Stay safe out there.

     EDIT: I meant to add that if you have not already done so, you should turn on two factor authentication. I know it’s a pain, but it can partially mitigate the effects of accidentally falling for a phish like this, among many other attack tactics.